What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Cross Site Request Forgery.This issue affects WP w3all phpBB: from n/a through <= 2.9.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in axew3 WP w3all phpBB wp-w3all-phpbb-integration allows Cross Site Request Forgery.This issue affects WP w3all phpBB: from n/a through <= 2.9.8.
Explanation of Vulnerability in Simple Terms
WP w3all phpBB versions up to 2.9.8 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on their behalf. The vulnerability requires user interaction—the admin must click the link or visit the attacker's page. No data is exposed, but site settings or content could be modified.
What an attacker can do
Perform unwanted actions (modify settings, change content) on behalf of a logged-in administrator.
Potential impact on your site
An attacker can trick your admin into modifying site settings or content without their knowledge.
Conditions required to exploit
Administrator must visit a malicious link or page while logged in to the site.
Key dates
External resources